Re: sniffer detection on switched based networks

From: Rob McMillen (rvmcmil@cablespeed.com)
Date: 02/06/03

Next message: Brett Harris: "Re: sniffer detection on switched based networks"

Previous message: Rob McMillen: "RE: Active response... some thoughts."
In reply to: Sangram: "sniffer detection on switched based networks"
Next in thread: Brett Harris: "Re: sniffer detection on switched based networks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 5 Feb 2003 18:13:13 -0500 (EST)
From: Rob McMillen <rvmcmil@cablespeed.com>
To: Sangram <sangram@mahindrabt.com>

Take a look at snort's arpspoof preprocessor plugin.

On Wed, 5 Feb 2003, Sangram wrote:

> Hi,
>
> As we know sniffing on swithch based networks is not easy (ignoring the
> monitor port of the switch). Usually a arp spoof, DNS spoof or other such
> attacks have to be launched. There are tools like Dsniff which can
> accomplish this task quite easily.
> Now what I would like to know is there any method / tool or snort ids rule
> set which can detect such sniffers on systems esp on switch based networks.
> And here I am talking of large corporate ethernet networks. The
> considerations are that I dont want to over load the network by probing each
> w/s indivisually. And if the process is automated it would be all the more
> better.
>
> Regards
>
> Sangram Gayal
> Associate Consultant
> Enterprise Security Consulting Group
> Mahindra - British Telecom Ltd.
>
> *********************************************************
> Disclaimer
>
> This message (including any attachments) contains
> confidential information intended for a specific
> individual and purpose, and is protected by law.
> If you are not the intended recipient, you should
> delete this message and are hereby notified that
> any disclosure, copying, or distribution of this
> message, or the taking of any action based on it,
> is strictly prohibited.
>
> *********************************************************
> Visit us at http://www.mahindrabt.com
>
>
>
>

Next message: Brett Harris: "Re: sniffer detection on switched based networks"
Previous message: Rob McMillen: "RE: Active response... some thoughts."
In reply to: Sangram: "sniffer detection on switched based networks"
Next in thread: Brett Harris: "Re: sniffer detection on switched based networks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

sniffer detection on switched based networks
... Usually a arp spoof, ... set which can detect such sniffers on systems esp on switch based networks. ... Enterprise Security Consulting Group ...
(Focus-IDS)
Re: Prevent ARP spoof
... Subject: Prevent ARP spoof ... centipede. ... Ashish Gupta wrote: ... >Is there a way to prevent arp spoofs on the networks? ...
(Security-Basics)
Re: Prevent ARP spoof
... Subject: Prevent ARP spoof ... On Mon, 10 Sep 2001, Ashish Gupta wrote: ... > Is there a way to prevent arp spoofs on the networks? ... Static Arp ...
(Security-Basics)